package name.ljd.ch9_1.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

import name.ljd.ch9_1.security.CustomUserService;
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	@Bean
	UserDetailsService customUserService() {
		return new CustomUserService();
	}
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(customUserService());
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()
		.anyRequest().authenticated()//4所有请求需要认证，即登陆后才能访问
		.and()
		.formLogin()
			.loginPage("/login")        
			.failureUrl("/login?error")
			.permitAll()//5//定制登陆行为，登陆页面可以任意访问
		.and()
		.logout().permitAll();//6定制注销行为，注销请求可以任意访问 
	}
	
}
